I think you're referring to encoding user input and not encrypting it.
Some things that spring to mind that you should look out for:
1. Don't trust the user's input. Make sure you validate it (especially strings) and HtmlEncode it if you're going to display it in a web page again
2. Parameterize your queries
3. Make sure the account you're logging onto SQL Server with has the bare minimum in terms of permissions to cover your functionality. You shouldn't need more than dbdatareader and dbdatawriter by the sound of it
4. Don't store sensitive stuff like a password in a cookie
Find out more here:
http://msdn.microsoft.com/en-us/library/ff648647.aspx